f537a8259b
Implemented bp/2-way-ssl using eventlet-based SSL. Change-Id: I5aeb622aded13b406e01c78a2d8c245543306180
170 lines
4.7 KiB
Plaintext
170 lines
4.7 KiB
Plaintext
[DEFAULT]
|
|
# A "shared secret" between keystone and other openstack services
|
|
# admin_token = ADMIN
|
|
|
|
# The IP address of the network interface to listen on
|
|
# bind_host = 0.0.0.0
|
|
|
|
# The port number which the public service listens on
|
|
# public_port = 5000
|
|
|
|
# The port number which the public admin listens on
|
|
# admin_port = 35357
|
|
|
|
# The port number which the OpenStack Compute service listens on
|
|
# compute_port = 8774
|
|
|
|
# === Logging Options ===
|
|
# Print debugging output
|
|
# verbose = True
|
|
|
|
# Print more verbose output
|
|
# debug = True
|
|
|
|
# Name of log file to output to. If not set, logging will go to stdout.
|
|
# log_file = keystone.log
|
|
|
|
# The directory to keep log files in (will be prepended to --logfile)
|
|
# log_dir = /var/log/keystone
|
|
|
|
# Use syslog for logging.
|
|
# use_syslog = False
|
|
|
|
# syslog facility to receive log lines
|
|
# syslog_log_facility = LOG_USER
|
|
|
|
# If this option is specified, the logging configuration file specified is
|
|
# used and overrides any other logging options specified. Please see the
|
|
# Python logging module documentation for details on logging configuration
|
|
# files.
|
|
# log_config = logging.conf
|
|
|
|
# A logging.Formatter log message format string which may use any of the
|
|
# available logging.LogRecord attributes.
|
|
# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
|
|
|
|
# Format string for %(asctime)s in log records.
|
|
# log_date_format = %Y-%m-%d %H:%M:%S
|
|
|
|
# onready allows you to run a command when the process is ready to serve
|
|
# for example to have it notify using systemd, one could set
|
|
# onready = systemd-notify --ready
|
|
|
|
[sql]
|
|
# The SQLAlchemy connection string used to connect to the database
|
|
# connection = sqlite:///keystone.db
|
|
|
|
# the timeout before idle sql connections are reaped
|
|
# idle_timeout = 200
|
|
|
|
[identity]
|
|
# driver = keystone.identity.backends.sql.Identity
|
|
|
|
[catalog]
|
|
# dynamic, sql-based backend (supports API/CLI-based management commands)
|
|
# driver = keystone.catalog.backends.sql.Catalog
|
|
|
|
# static, file-based backend (does *NOT* support any management commands)
|
|
# driver = keystone.catalog.backends.templated.TemplatedCatalog
|
|
|
|
# template_file = default_catalog.templates
|
|
|
|
[token]
|
|
# driver = keystone.token.backends.kvs.Token
|
|
|
|
# Amount of time a token should remain valid (in seconds)
|
|
# expiration = 86400
|
|
|
|
[policy]
|
|
# driver = keystone.policy.backends.rules.Policy
|
|
|
|
[ec2]
|
|
# driver = keystone.contrib.ec2.backends.kvs.Ec2
|
|
|
|
[ssl]
|
|
#enable = True
|
|
#certfile = /etc/keystone/ssl/certs/keystone.pem
|
|
#keyfile = /etc/keystone/ssl/private/keystonekey.pem
|
|
#ca_certs = /etc/keystone/ssl/certs/ca.pem
|
|
#cert_required = True
|
|
|
|
|
|
[ldap]
|
|
# url = ldap://localhost
|
|
# user = dc=Manager,dc=example,dc=com
|
|
# password = freeipa4all
|
|
# suffix = cn=example,cn=com
|
|
# use_dumb_member = False
|
|
|
|
# user_tree_dn = ou=Users,dc=example,dc=com
|
|
# user_objectclass = inetOrgPerson
|
|
# user_id_attribute = cn
|
|
|
|
# tenant_tree_dn = ou=Groups,dc=example,dc=com
|
|
# tenant_objectclass = groupOfNames
|
|
# tenant_id_attribute = cn
|
|
# tenant_member_attribute = member
|
|
|
|
# role_tree_dn = ou=Roles,dc=example,dc=com
|
|
# role_objectclass = organizationalRole
|
|
# role_id_attribute = cn
|
|
# role_member_attribute = roleOccupant
|
|
|
|
[filter:debug]
|
|
paste.filter_factory = keystone.common.wsgi:Debug.factory
|
|
|
|
[filter:token_auth]
|
|
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
|
|
|
|
[filter:admin_token_auth]
|
|
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
|
|
|
|
[filter:xml_body]
|
|
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
|
|
|
|
[filter:json_body]
|
|
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
|
|
|
|
[filter:crud_extension]
|
|
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
|
|
|
|
[filter:ec2_extension]
|
|
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
|
|
|
|
[filter:url_normalize]
|
|
paste.filter_factory = keystone.middleware:NormalizingFilter.factory
|
|
|
|
[app:public_service]
|
|
paste.app_factory = keystone.service:public_app_factory
|
|
|
|
[app:admin_service]
|
|
paste.app_factory = keystone.service:admin_app_factory
|
|
|
|
[pipeline:public_api]
|
|
pipeline = url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension public_service
|
|
|
|
[pipeline:admin_api]
|
|
pipeline = url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service
|
|
|
|
[app:public_version_service]
|
|
paste.app_factory = keystone.service:public_version_app_factory
|
|
|
|
[app:admin_version_service]
|
|
paste.app_factory = keystone.service:admin_version_app_factory
|
|
|
|
[pipeline:public_version_api]
|
|
pipeline = url_normalize xml_body public_version_service
|
|
|
|
[pipeline:admin_version_api]
|
|
pipeline = url_normalize xml_body admin_version_service
|
|
|
|
[composite:main]
|
|
use = egg:Paste#urlmap
|
|
/v2.0 = public_api
|
|
/ = public_version_api
|
|
|
|
[composite:admin]
|
|
use = egg:Paste#urlmap
|
|
/v2.0 = admin_api
|
|
/ = admin_version_api
|